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4^ ^ m - ^> n. m ^ ^ ^> m jl m » t ^7 ^ 

^ Ti: ' ^ ^ ^ ^ Si: m m ^ ^ ^ 

^ yk.^ m $- " ^ ^ m ^ 1 - ^ ^ m % ' *t^& 
^ ^-^ # -^1 4- a F;er jL fal Jic 1^ .5. ftl -f- t ;^ * ; 3^ 3. m % yi: 
t >^ # # ^ 60 # ' -fit # Jic ^ ^ ^ >^ * # * >t ± C safe 
errors #*a^>^^^6fjttfl ' J->t^>^t^a^#:^J^ 

safe errorS^i Jic^^-t-^^fi^^^^^^^i^^t " 

^ ^ m - % ^ ' 

7t##^: 100-150 >,fL ^#15^ - 



: Method and Apparatus for Protecting Public Key 
Schemes from Timing, Power and Fault Attacks) 

The present invention provides a method for 
protecting public key schemes from timing, power 
and fault attacks. In general, this is 
accomplished by implementing critical operations 
using "branchless" or fixed execution path 
routines whereby the execution path does not vary 
in any manner that can reveal new information 
about the secret key during subsequent operations. 



More par t i cu 1 ar 1 y , the present invention provides 
a modular exponentiation algorithm without any 
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^X^st^H^^ ' Method and Apparatus for Protecting Public Key 

Schemes from Timing, Power and Fault Attacks) 

redundant computation so that it can protect the 
secret key from C safe error attacks. The improved 
method also provides an algorithm that doesn't 
have a store operation with non-certain 
destination so that the secret key is immune from 
M safe error attacks. 
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^ # m i% ^ - n ^% % % ' jtb }^ ^ -fs ^g. ^ri 
Pal Jic ^ 4t # € ;^ Jic * # 6*1 J^ic ^ ' X ^fe ^6. ^A. It ^ Jicl^ 
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^ # 1^ Jic * a # ^ Bf f-l * #T ^ t ;^ Jic 1^ a % ^ ;a 

^ € i7 J:^ ^ # ^ € ^ 4t Jic ^ # ' it #• Jic ^ 4i # 
^ ^ a >fg. >(» ^ # ^, 41- 6f> t tfl • -kP % tl ^ - # FbI ^ 4t 
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i.^^mm.m (2) 

^ .€ ° it ^fe Jic ^ m ^ ^s. tb # 1^ 60 lie 
K # *^ ^ 60 t tn. -^r ^ ill ^ ^> ° 



;^ 1 99 5^ 9.^ 2 9a ' Paul Kocher^ =k Hi ^ ^ ^ ^ 
^ # 'fi ^ ^ 'f^^ ^ ^ ^ * ^ '^^ ^ ^ ^ ° ii it - ^ ^ 

1 9 9 6#- ^ ib at ^ ^ ^ 'f^T ^/f ^ ^ a ^ ^ 

^ ^ o ^ Kocher# * Fal Jic ^ 5c ilJl ' A f1 ^ 5^1 ^ >i * S 
^ JL ^ ffi 60 o^o ^ t^t ^ SSL) ' ^ ^^^^ ^ Jtfk " 

^-^>^*?fc60^^TBfr«1t^ia^At^4 60^f^ ffn*^ 
n ^ n ^'^^ ' it -t!2> Ifc -fj^ # ^ ^ ^ * *^ * ^'^ ^ 

F«1 t m # a # >t ^ ^ ^ " 



RSA^ >5^^.^60*^^*'^^i*t^^^*:it* ^ ^IMi£ 

# ' J. ^ ffi # m 4 ^ ^ ^ ^ ^ -f^ ° - ^ -ft RSA 
^ ^ ^ -f^ ffl SI - *t * M ^ mod n60 * <• Bl - 
60 ^^^^^^^^-'f®^'^^^ ^ ip-;5-^^^^60>^#>ir ' * 
t ^ 1^ ;!ro ^ 60 Ifl 4 ' RSAf, M. 60 M 1^ ' ^1 ^ RSA 
.f. 60 ^ ^ ^ ' ^' ^ ^ w>fi 70 ( e ..f e ze iC o) ' 

* m # ^ iiJ S^ tt ^ S = M« mod n60 .ii ^ - 

>^ # ^ t f 4 60 # # ^1 4^ # ^ ^ 51- a - ^ ^ ^ ^ 
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i - ^mn^H (3) 

I m m ' u-^ ^ ^ ^ ^ ^ -fi 7c e 1^ 1 ' m ^ \ 

\>n % m ^ ^ S^H- a ^ " m ' U-kP U ^ ^ ^ ^ k-f® 

7t e 0 ' % 34t a ^ » ^ 1%. >^ # t ^ 

4fr -f-^ # ^« ^ ^ ^ ^ ^ ' ^ ^ ^ ^ ^ <^ * " ® ' 
^ -f® tf # M« mod t\ % Pal ' # .i: # Hf P.1 . ® 

-ffl ^ ^ * ^ ^ - ^ 6f| >^ # ^i: ' ^ ^ 1^ * 
1^ ;f fs] g) ^ ' ^ tb # >^ ^ ® ^ ^ 

Pal 6fj J: ^ ' t$i ^ ^ tl-^ m m a ^ eo t RSA^ ^.i, 



6^1 



T^-^mn^t,:h^^i^m ' fti 3^ € * ^ ^-i^ ^ 

# 6^ € i7 ^'J ® ffl ' ® t 9#1 ^ # 

^ ^ ^ >^ i£ * P^l ° ^ :?r^ ^ ^ ^ tb ^ ;5r ^ # 

1^ ^ 6*1 t& 'ft ' ^ * 3^ tiJ ^ tJL. ^ # |5t t. " 

RSKm ^ ' ^ ^ ^ ^ 6*J 1^ k#I ^iL 7b ^ m ^ 

> K^m^n^^^ ^^^^^^^ " ^^^^^^^-^ 

^ ^ # ^ ' @ ikb ^ ^ ^ ^ 6^ ^ M® -fi 7t ^ 0 

^ ^ ' ffn ^ ^ ^J^^ ^ ^ ^ ^ k#l >fi 7t ^ IM'J ^ A 

^\ ^ 'ik% ^^t.^ ^ ^ ^ ' ^ ^ - ® ^ ^ 

# ^ ^ # ^ ^ 6^ 5-© >flL 7t ^ : 0 0 1 1 1 » 
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i - mnt^'^H (4) 



^ * ftl € ;^ Jic * # ' -t ^ 'Ui ^f. ^ n >n % 

» .jfc ^ IS) ^ le. # * € i7 » jJc ^ ^ ^ it ^ ^ ^1 4- 

A * ;|=a *h >!i € ;^ ^ 6fj -it £ ' ^ lic * M. ^ a m 

6^1 ^ # ^ ffl 6^} t tfl ° -r ^ ' ftl ^ t ;^ Jic ^ a ^ iz- 

^ 4^ ;t ^1 ^ m € i7 ^ S m ^ 'fi a 6^1 * «t -L ' 

S jtb JiC ^ ^ # >* ^ 6^ ^ ^ ^ * ^ * ° 

^ ® FbI ^ a # ^ t Jic 4i # 6^1 m ' --r 

# f> J - -fS ^ ^ ' jJc ^ a # ^ 0 ^ # ^ ^ ^ -i^ ° * 

a p;^ jL Fai 3i ^ a # ^ ffi ^ ^ ^ * ^fj ^ - ^ 

ffl >^ * >^ t ^ ffl >^ # -f-^ 'f't' ^9 4- # ^ ' - ^ ^ 'f® 

>^ # ^i: F«1 JJt ^ ^ ^ ^ ^ M ' ^ fA ^k.^ 

^ i7 Jic -5^ ° 

* ;^ * -ii # 6^ 0 ^ ^ ^ ' ^ 6^ J- tb ^ ^ #0 ^ a 

# ^ iif ^ ^ it{ ' 0 jtb J^A ^ i-X P;^ ^ jJcl^ 6^ «=f I. ' ^ ^ ^ 

# -sf m # ^ 6^ Jic ^ ^ # " ^ " Sung-Ming Yen, Seung-Joo 
Kim, Seon-Gan Lim, and Sang-Jae Moon. A counter- 
measure against one physical c r y p t ana 1 y s i s may 
benefit another a t tack. it} - « ^ ^ 1^ ^ C safe 
error;ffi7 "Sung-Ming Yen and Marc Joye. Checking 
before output may not be enough against fault- 
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(5) 

based cryptanalysis. iB ^ - # ^ ^ ^ # M safe 

error ' T - ^ ^ M ^ ^ W\ ^ m * ^'t 1^ ^ 

f: i7 lie ^ W 6^ >^ * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ 

error ^ M safe errorlt^iic^ " 

# # T ^ «^ C saf e-errorJic ^ ' m n C safe-error 

^ # 1^ :t Bf X ;t # ^ ^ 'It ii} JI. ' i?n ^ 5^ m ^ ^ ^ 
» jtb j» Jic ^ ^ # ^ ^ C saf e-errorJl ^ ^ #t ° ^?'J ^ X 
m ^ >n % ' ^ek=0' Sb = (Sb S2 )mod n i$ * ^ 

at # ' ^tt An ^ m ^ m ^ % ^ ^ ^ ^ ^ ^ 
^ ^ * o gi 'la :itn j4l ^ ^ >it 1^ m =k^n = ( s b s 2) 

mod n3€ * m ^ ^ ^ ^ ^ ^'1^ ^ ^ * ^ ^ ^ ^+ * ^ ^ ' 

m ^ ifcb ^ m ^ ^ ^ ^ -fa M ^ # s *^ 6^ ^ ' ^ ^ >^ 

# ,i# :^ # ^ 4^ iiJ ^ ^ ^ ^ ^ ^"^^ ^ ^ ^ ' 

^ ^1 >^ # >t * ^ ^ ^ ^ * ^ ^ ^ ^ ^ k^iL 70 e " 

^ T ^ # tJL M saf e-errorJl ' t5: ^ ^1 ^ Y = X • 
Y ' ^ ^ ^ *c ^ Y ' m^k^ ^ Y " * >it ^1 >^ 
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S.-#H^t8.^ (6) 

ffn - ^s: ^ cpu^ m m it ^ 32-14 7t ^ ^ n ' m it 

1^ tf # X • Yit * ^ ^4 tt ^ ' ^jl ^ *t H ( 

32>fSL7t )6fj^l^Yo'X- Yo'^tYo^^l^6^f:;&ii 32 
l^iTG' ^^#5.^a^M#lt''^T^tt#X- Y,' 

^ 3 2^i 7t ^ fst # It ^ ' ^ # # 13 % af ^ 

|;j^lt«''«lilbm4^'^l^^*^^^^t#X- Yi€#o X- 
Y^*^^Blp*#^#^^affit#lt ' #^^af#t#^60 

# iHj Y" 

1^ -f® X • Y6^j ^ # ^ X • Y 0^ X • Y r X • Yi 

X • Y,^=^tf ^ " t tf M I ' Y ,0 ' ^ ® 1 0 

\^ ( Y Y , Y 9) ^ # ^ i'i ' ^ ifc m 'fiF # ^ ( 

Y, Yg)^^] % # H ^ # 14 ^ ^ ' ^ ^ ^ 'CiL 

?ic^-X*;^Y = X- Y^^^^^l--r^e##5- 1 ^ tJL ^ 

' ° ^^^^ 

tt^^^^t^ ' ^PY = Y- X' ^ m M iiiU^ ' mittU^ 
Bf 'l-i ^ ^ ;^ ^ ^ X ' 6^ ^ ^ ^ ^ ^ ^ ^ 

fit It ^ 6^; ^ • 

5^1 3€ # * ^ ^ ' ^ ^ ^ >^ ^ ^ ^-5^^ ^ ^ ' ^ 3t 
^ a #T ^ ^ >^ M saf e-error3l ^ ^ # " 

^ T ^ ^ m m ^ H ^ ^ m ^ m ^ >i: ^ ^ m 
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i > #8^1518^ (7) 

safe-error^ C safe-error 6^^^Jic^ " 



% ^ m % ' ^ e k = OBf ' m # S ,= ( S 2 

S, )mod ni£*A^^6*J^* ' ^^^^ ALU^ ifcb i£ * JL 
^ C safe error ' ,1b ^ Bf .^4 ^ ^ ii ^ it * ^ » ^ 

= lBf ' S tt * So=(S2 • So )mod n ' i^l ^ ALU^ #i itb ^ # 
^ ^ C safe error • ^ ^ ^ m Wi m M. ^ ^ ^ ^ ^ ^ 
^ Sm ^tr - ^ m =-^tf So=(So • So) mod A 

^ tf ^ ffij ^ ^ M 1^ M ^ c S lib M ^ ^ ^ ^ 

e S,= (S2 • S,)mod n3€ # t ^ C safe error' ^> fln m 

^ itb M ^ ^ ^ ^ ^ ^ -fSI ^ * ^ ^ ^ ^ ^ ^ ' ^ 
# ^fc ^ * ^ 4^ ^ ^B ^ ^ ^ ^ ^ k-fi it e u% 1 ' ^ 

htm. >t * >^ ^ ^ 1^ ?P ^ # in ^ ^ ^ ^ ^ k>flL 70 

etl:0- iajtb^=-ffl6f}>^#>tii^^&^^^^C safe error^^i 
lie » 

# ^ ^ =. ffl 6^ >^ ^ ' ^ e k = 09^ ' 1^ tt # S ,= ( S 2 • 
S,)inod n'^jtbBfJ.^M safe error' jtb ^ If ^ ii ^ 

' ^ ek =lBf ' ^tt* So=(S2- So) mod n' 
^ itb >t ^ M safe error ' ,lb^Bf'l4lt^)lf'r>t^^^6fi 
So' itb ^ ^ So >lf T - ^® ® ^ So=(So • So )mod n 

a ^ ^ ^ tt # ffq ^ Sii ^ ^ 6^ * ' m^tU-k^yt^^^n 
m -k^n Sb=(S2 • Sb)mod nit ^ H it M safe error;!r^ 

S,' m ifh it ^ ^ ^ M ^ ^ m. % m ^ ^ ^ ^ ^ 
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(8) 

m ' ^ ^% m m n- >^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^"^^ 

7t eA ^ m >n ^ ^ ^ ^ ^ ^^'^ ^ ^ 

\^ ^ ^ m 7t 0' m .it ^ ^ m ^ m ^ M. ^ m in. u 

safe error6<jJiL^ " 

^ ji i4t -^r ' 3t ^ ^ ^ # ^ijt ^ ^ ^ t tfi ' i. ^ ^ ^ 

Pal jJc ^ ' ^ % :h ' M-saf e error attack ^ 

C safe-error attackPp ^ n ^ ^ ^ ^ " 

^ . [ # ^ ] 

m ;^ Ji^ Ji m ilt ' # #'J 6^1 ^ a 6fj ^ ^ tt - ^1 >^ * 
^ , ^ ^ FbI ^ S ^ ^ ^1 *t ffij ^ ' ffl i-x jL Fal jJc # 

^ ftl t JiL 1^ » 

4^ # 6^ i5 - #1 9 6^; >^ ^ # - ^1 ^4 >^ # ' >^ # >^ 

1# m ^ ^ ^ >fiL 7G ^ 0^ A ^ ^ ^^^^ ' >^ * ^ ^ ^ 
ttj &^J ^ >^ ^ ^ ° ^ jJc ^ ?P ^ ^ ^ 'l-i ^ ^ * 
1^ * ^ifc ^ ^ ;^/r # a it ' ;^ # ^ ^ ^ ^ ^ >^ 

' iistffiiit^'JP^jtC safe error6^jJic^ ° 

;^ # # - -f® a 6^ ^ ^ - ^1 >t * ^ir >^ ^ ^ ^ ^ 

safe-erro r&;i lic ^ » 
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s.>^m^^H (9) 



^ ji ^ it ' m ^ ^ ^ M >i: m jL m ^t^^^n^t,:h 

^k.^ ^ m % ' ^ ^ 1 - % ' * t ^ ^ ^ 

^^^^-^^^^ ' 'ft^Jic^^^^^^H^vi-^C safe 
errors # ^ ^ ^ t tfl ' J. >^ # ^ir t ^ ^ ^ ^ ^ 

safe error6^j s^^y^^n^m^^M.^A^ - iDI^^I^^ 

^ ^ ?t ' a it $-J ^fe ^1 *t ^ * m 6^ ^ ^ ^ ^ S ^ 

6ij ^ |5] ffq ^ ' it rfQ it i'J P-^ -it P«1 ° 

4^ ^ 8^ ^ - ^ <^ ^ ^ -^-^ jL Bf fal ^ ;^ ^ 

^ ^ : 1 . :^ # ^ it i§ - ''^ P^l ^ ^ ^-'t' ^ ^ " ' 2 . 
^ # ^ >i> F^l ^ ^ ^ - ^ ^ - ^5^' ^ ^ ^ ' * 't' 

^ ^ ^ ^ ^ ^ S- — 7t ^ is. ; 3 . ilf - 1^ - -IS. t5: ^ 

1 ' 'ft 4 ^1 ^ J'J - ^ - ^ ; 4. 0 ^ ^ ^ m m 

-fiTt ' ^ - ^ ^ iiL 7t ^ - ^ ^^^^ 7t ^ ^ n - ^ % yi: 

' a M >^ * ^ ^ • a . ^jf - it # 7t it i^ - >^ 

H ^1^ ^ il} ^1 ^ >^ - ^ ^ <i > il^ ,tb il # -fi it ^ =ii - it ^1 

^^-^Es^ ;b. ^ % ^ 0' m^tt#^-^^^^^ 

# f4 ^iJc i£ # il ^1^ * # ^ ^ - ^ ' ^ ^ ^ 1 ' ^'J 
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3L--^B^IS.B-^ (10) 

^tf % ^ " ^ m i^-^ ^ ^ iM. n m ^ u m ^ 9^ ^ m ^ ^ ^ 
^ - m ; c . ^ ^ m iM. ^ 0 ^ M tf % ^ - is. ^ ^ n m ^ 

^m^^M.s^^'k^^^^-'iM. ' ^ ^ ^ ^ ^ 1' M ^tf % 

; 5 . ^If ^ * ^iL 7t ^ - -fi 7G # ^ it # -fit 7t ' ii ir=h as # 
70 it. # -^1 ^ * ^ # ^ ' % n % 7t ^ ^ i^^^ 7t ; 6 . 
^ ^ - ^ * fst # ii # tt} » 

ES - [ ;5fe >r ^ ] 

4^ # 6^1 — # ^ ^fe -f^'J ^ §^ ^« ^ ^ 1^ " — ' 
4g ' ;^ -f ^ ^ -^r a ^ >^ i«b ^ ^ -fe 6^ ^fe. -f^'J ^fe ' J- 

4^ # 6f; |& ® ^ ^ ^ ' % i^X ^ ^k m ^ M m ^ ^ " 

^ ^ a #r t ' ^ - m m ^ ^ ^ yn ^ ^ - >^ ^ 

3^ % R = M' e mod n^^j 6. 4t # " * t " " " -f^ * >5r . & >^ 
# ili 6fj -ft 4 , e.^ ^1 ^ , ffij ^ » ^ ^/f i4 ' ^ - 

ffl m II: * * * ^ * >^ * ^ ^ ^ ^ * 

mod nH ^ ^ #J lif ^ ^ ^ ^=1- >{t 6^ ^ k^i it ^ 1^ 0 <> H ^ 
* ^ ^ 6^1 7t tt * ' ^ ^ ^ -sf ^ # m # ^ ^ ^ 'fiL it 

o 

j-x T 4^ # m ^ j-x # ^ ^> F^i ^ 1^ ^ ^ >n 

% >k ' ,1b ^ ^ -fa -sf P;ir jL ^ iiit FbI Jll^ ' ftl € ;^ 
' H-siTii. — #6tiP^^JC safe-errorJl-^^M safe- 
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s.-^mn.^ (11) 

e r r o r lie ^ ° :^ jl A RSk'z:^ ^ ^ A ^ 
^ ^ ii ffi ^ ^ # «^ ^ >^ * " 



^ >t ^ ° # Ck =OBf ;ft Ro ^ (Ro- Ri)mod n 1^ Ro ^ 
(Ro Rc)niod n ' # =10* ^ Ro - ( R o Ro)mod n 1^ Ro 
(Ro- Re) mod n» f ® ^^j >^ # >^ * # ^ 
Bf Fal Jic ^ ^ € 3^ ^ " >i5L 3^ ® 1^ j;l # # # 6^ ^ * ' 
it m C safe error6^Jicl^''>^#'fA.^^^^^^^^®^ 
' ^J-^^^^P^jtM safe error 6^Jicl^ " 

^ ^ m - m ^ -kP ^ S- m ' 

^ ^ ^ - -ft ,1. M ;ii ?t # t=f ^ 5f1 ^ ^ M. 4l 

— ;|^l^n^-^^^-^^e' ^t#'^^^^ (e w-i, e «-2, e ' 
e „ e o) ' ^ ^ 1 ' iif 4 M^l ^ $'J S ii )If e # m 
^ 1 ( 10 0) 3fe ;ft T «^ = 

^^^iiJ^-fiLTt (e ^i^iSL 7t ( e a) ^'J ^ # - 

|;m * >^ ' Ji k = w-l (110) ' ^1 * ^ ^ ^ • 

l)lf ^ # 'fi 7G e ,?t - ^@ II ii ^If ^ * ^ >^ - b-IS. ' m 

itL 7t ^ -'k - ^SL 7t ey^Jt ^ n ( 120) 2 . ^ ^ ^ 
tt # So = (So • Sb)inod So = (So SJmod n ( 130) ; 
S.^^ k = k-l (140) ; 4.t ^ ^ 1# «^ 5- ^ 3^ 1^ i 

^ ^ k=m m ; 5.:t li^ :i: sr^t # Jl ^ * ( 150 
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(12) 

) » 

^ T ^ m ^ tH. m ^ m % ^ SB. ^ " ^ m ^ 

^y^U^^^^-^^^^^"^^^ ^ w-i^ 1 ' t e k = 08^ ^ So = 
(So S,)mod So =(So Sc)mod n' t =m^n So = ( 
So- So) mod nl^ So = (So SJmod n' ^ t c= eK-,» n ^ 

10001100' iim^-mM^^m^>n^>^^^^ 

^E9SI:5L>t^^^^e. Ck =0 Hf^^#6f; S=(S- S)mod nit* 
^ ^ J- ^ - -f® S tf * ' ^ ;^ M ^ - -f® SI tt * # ® 

^ tt # 6^1 S=(S- M)mod # 'ii^ ^ ^ 41- « * ' ^ m 
^ m I. S=(S- M) mod n 2. S=(S- S)mod it ^ ^ S = 
(S- S)inod tf * ' # S Ji # T ^ 6fj S=(S- M)inod 

R'SL^ m ^ 2 ;i- # ^9 6^1 ^# ^ ' S jkb ^ S = (S- S)mod n 
^tf % ^ m m M I. S=(S- S) mod n 2. S=(S- M) 

mod n 3. S=(S- M)mod n» 

- f^l ^ 1^ m m e7=l ' S 0= (So S o) mod n ^ S o 

= (So Sc)mod n' ^ t c= e 6° # ^ 7>(® ffl e So =(S 

0 So)mod n H So =(So So)mod ni€ * ' * t ^ 1#1 S o= ( 
So So) mod nag # ^ ^> ^ 6^ ^ # ' * 6 6=0 ' So = (So S 
o)mod tf n- ' -f^ # ^ 2^a So =(So So )mod ^ 

^ ^ tt * - 
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£.^^mt!tm (13) 

T-#I®-^^6>fllil-iLe6=0'#.#So = (So S,)mod n 
n So =( So Sc)mod n' * t c= 65° 'f^. # ^ m M H So 

= (So S, )mod n ^ So = (So So )mod * ' ^ t So = 
(So S, )mod % A M ^ ^ ^ ' ^ ^ e 5= 0^ So = (So 
So )mod ^ tt * • # ^ 2#1 So = ( S « So )mod nl'J ;^ M 
^ n ^ ° 4^ 3^ itb SI ^ tf # 2^ii S 0 = ( S 0 S ,) mod n > 

= (So So)modntt^'B]iH:.l€5-T-'f@®^^6^So=(So Sj 
)mod M- ' ^ T 'fS SI -i^ ^ tf ^ 2^iL » 

T - -f® © ^ S-f® © e 5= 0 ' e-f® ffl 'It >X> ^@ 15] ;f 

# tt ^ « 

T - -f® S ^ 4^® ® -i^ 64=0 ' ^ # So = (So S , )inod n 
H So = (So Sc )mod n' c= 63' ^ ^ e^^l ' 'f^^^ 4 

#1 ^ # So = (So- S,)mod n 1^ So =( So S,)mod n- 

^ 5m m ^ T ^0= (So S,)mod % ^ ^ m =k ^ ' 

^ «r 1^ ^ T S 0 = (So S 1) mod n-ii^ t 2^iL ' it - M =^ 

T - 'f® SI 1^ S-f® ffl e 3= 1 » ^ ^ S 0 = (So S 0 ) mod n 
^So = (So Sc )mod n' *t c= €2° ^ ^ 02=1 ' 3 
#1 ® ^ # So =(So- So )mod n ^ So = (So Si )mod n 
% ' it # >^ # IS] ^ -fe ^ ° 
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(14) 

% 2n © =^ 'It ^ ^ T-fi SI ^@ f5] ' % m gi 60 'It 

y^L ^ % W m -'^ ^ ' S Jtb ^ # 1^ » 

1t\ 'A tk ^ 'A — "^"^ M '-^ ' % O'O gl -il e 0= 0 ' ^ # S 0 = ( S 0 

• S,)mod S o= ( S o S e) mod n ' ^ t c= e ^ >^ 

^ t -fa tS: e -1= 1 ' a ifcb 'It >^ ^ 1^ 4^a ffl - ' S o = ( 

So S, )raod So = (So S , ) mod n ' ^ *f ^ ^ ^ - 'f® 

gi m ^ T 60 i$ # ° 

-I- # # ^1 4- i-x P;^ jL air Pal ^ ^ ^ € ^ j4l ^ ; ^ ^ m % 
t^^^^-^^Oit^ ' >ft#Jl^*^^*:ll*>i^C safe 
errors #^^ji^^^60tm ' J--;^^^i:t^^^^^^*: 

safe error60 j1 ^ «^ # ^ ^ ^ >^ ^ ^ t » # ^/f ^ 

-f^ >t # ^ ^ — "^t * R = M " e mod nU) :^ ' ^ ^ it ^ 

lib IJe. # j;^ it » 

a m it ^ # * ^^'^ ^ ' ^^^^ ^ 

# ffl ^ 1%. Tfii # ffi J-^^ . Pf^ ^ ^ ^ t tt * ^'J ie. ® ° ^ ^ ^ 
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i > [ ® ^ ftl iF t^L ] 

^ - @I ^ tf # Me mod i% m ^ ^ ; 
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M, n, e = (ew-r-eieieo) 




Itih: S = M'modn 




1 


Let S = 1 




2 


FOR k = w-1 downto 0 




3 


s> — (^o'o ) moa n 




4 


IF (ck is 1 ) THEN 




5 


S = (S»M) mod n 




6 


ENDIF 




6 


ENDFOR 




7 


RETURNS 


■ 















^>^w: M, n, e = (ew-i'-eaeieo) 




S = M'modn 




1 


L6tSo= 1; S2 = M 




2 


FOR k = w-1 downto 0 




5 


b — ~ek 




4 


So = (So»So) mod n 




5 


Sb = (S2«Sb) mod n 




6 


ENDFOR 




7 


RETURN So 










Hr-^*. M, n, e = (ew-p- •626160) 




l^ih : So = M modn 




: assume ew-i=l 




1. 


6-1=1 




2. 


So = 1 ; Si = M 




3. 


FOR k = w-1 downto 0 DO 




4. 


b = ~ek ; c = 6k-i 




5. 


So = (So .Sb) mod n; So = (So.Sc) mod n 






ENDFOR 




6. 


RETURN So 
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